List,

Perhaps I'm missing something, but when I enable SNAT I can't resolve names anymore on my machine or make outbound connections, it seems.

My setup:

    [ Local (10./24) ] <-> [ netfilter ] <-> [ Internet ]

So I set up iptables like this:

    root@xxxxxx:/etc# iptables -t filter -L
    Chain INPUT (policy DROP)
    target     prot opt source               destination
    ACCEPT     all  --  anywhere             anywhere            state RELATED,ESTABLISHED
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:ssh
    ACCEPT     tcp  --  anywhere             anywhere            tcp dpt:domain
    ACCEPT     udp  --  anywhere             anywhere            udp dpt:domain
    LOG        all  --  anywhere             anywhere            LOG level warning

    Chain FORWARD (policy ACCEPT)
    target     prot opt source               destination

    Chain OUTPUT (policy ACCEPT)
    target     prot opt source               destination
    root@xxxxxx:/etc

Everything is OK, the LAN can resolve names and such. Now I add:

    iptables -t nat -A POSTROUTING -o eth1 -j SNAT --to $EXTERNAL_IP

And it all works. This command:

    iptables -t nat -A POSTROUTING -s 10.0.0.0/24 -j SNAT --to $EXTERNAL_IP

doesn't work. The LAN is fine, but the local box cannot connect out.

What is so different about those two commands?

David Busby
Systems Engineer
busby@xxxxxxxx